Reprinted from Jackson Lewis - Workplace Resource Center

An employee who uses false documentation to secure employment with an employer has no recourse for an allegedly wrongful failure to hire, the California Court of Appeal has ruled. Salas v. Sierra Chemical Co., No. C064627 (Cal. Ct. App. Aug. 9, 2011). In addition, the “after-acquired-evidence” doctrine (where, after an allegedly discriminatory termination or refusal to hire, the employer discovers employee or applicant wrongdoing that would have resulted in the challenged termination or refusal to hire regardless of any discrimination) provides a complete defense to the employee’s claims the employer discriminated against him due to an on-the-job injury, refused to accommodate his disability, and denied him employment as punishment for filing a claim for workers’ compensation benefits. His claims also will be barred by the doctrine of unclean hands if his misrepresentation jeopardizes the employer.

Alleged Discrimination and Refusal to Hire

Sierra Chemical hired Vicente Salas as a seasonal production line worker. Salas claimed that the company refused to rehire him following a seasonal layoff as retaliation for his previous workers’ compensation claim for an on-the-job back injury. He also claimed that the company violated the California Fair Employment and Housing Act (FEHA) by discriminating against him because of the injury. Salas alleged that rather than provide a reasonable accommodation for his disability or engage in an interactive process to determine whether an accommodation could be reached, the company refused to allow him to return to work.

The company countered that the after-acquired-evidence doctrine provided a complete defense to these claims because: (1) Salas used a Social Security number that belonged to another person in order to secure his employment with the company; and (2) the company would not have hired him had it known of this misrepresentation. The trial court granted the company’s motion for summary judgment.

Submission of False Documents

The Court of Appeal affirmed, ruling that the company produced evidence that the Social Security number Salas used to obtain employment belonged to another person. Salas misrepresented a job qualification imposed by the federal government, i.e., possessing a valid Social Security number that does not belong to someone else. As a result, he was not lawfully qualified for the job. This violated the company’s “long-standing policy” that “precluded the hiring of any applicant who submitted false information or false documents in an effort to prove his or her eligibility to work in the United States.”
Moreover, Salas placed the company in the position of submitting a false I-9 form and filing inaccurate returns with the Internal Revenue Service and the Social Security Administration. These facts entitled the company to judgment as a matter of law based on the after-acquired-evidence doctrine.

Additionally, because Salas’s misrepresentation exposed the company to penalties for submitting false statements to several federal agencies and Salas was disqualified from employment based on governmental requirements, his claims are barred under the doctrine of unclean hands. This doctrine applies when it would be inequitable to provide a plaintiff — who is guilty of unconscionable, bad faith, or inequitable conduct — any relief and is a complete defense to both legal and equitable causes of action.

… (a) All protections, rights, and remedies available under state law, except any reinstatement remedy prohibited by federal law, are available to all individuals regardless of immigration status who have applied for employment, or who are or who have been employed, in this state.

… (b) For purposes of enforcing state labor, employment, civil rights and employee housing laws, a person’s immigration status is irrelevant to the issue of liability, and in proceedings or discovery undertaken to enforce those state laws no inquiry shall be permitted into a person’s immigration status except where the person seeking to make this inquiry has shown by clear and convincing evidence that the inquiry is necessary in order to comply with federal immigration law.

The Court rejected this argument, saying that “while SB 1818 provides that undocumented workers are entitled to ‘[a]ll protections, rights, and remedies available under state law,’ the enactment does not purport to enlarge the rights of these workers, instead declaring that its provisions are ‘declaratory of existing law.’” Thus, the bill did not eliminate existing employment law defenses.

Yes it's obvious, but how many businesses routinely change passwords when employees are terminated. I'm my experience not all.

***************************************

Ex-employee accused in suit of hijacking firm's email, website

By Patrick Lakamp

NEWS STAFF REPORTER - buffalonews.com

Published:September 22, 2011, 10:07 PM

Updated: September 23, 2011, 7:43 AM

Brett Rawdin's bosses said they fired him two weeks ago, taking away his $125,000 salary, his expense account and his car allowance -- everything but his access to the company website and email system.

They discovered that oversight, they said, a day after mailing his termination letter. That's when his former employer, TSC Construcsuittion Co., said it received an email confirming a change to the company password from GoDaddy.com, with whom it contracts for both website and email services.
Rawdin, who lives in Clarence, changed the password after he was fired without telling anyone, giving himself sole access to and control of the company's email system and website, according to a lawsuit the company filed this week in State Supreme Court.

The lawsuit also accuses Rawdin of falsely submitting claims for reimbursement of alleged business-related expenses totaling more than $100,000 and making deals without getting approval to do so that resulted in financial losses.

A spokesman for Rawdin, who did not want to be identified, said that Rawdin has not received any of the court papers. Any claims or allegations are false and will be defended completely, and counterclaims against the corporation and individuals will be made, the spokesman said. The allegations, the spokesman added, are an attempt to remove Rawdin from his position for the benefit of the other owners of the company. Rawdin has an unspecified share in TSC.
Rawdin is disappointed that this private matter is being publicized without any proof, the spokesman said.

Much of the lawsuit focuses on the website and email accounts under Rawdin's control.
Edward P. Ladd Jr., TSC's chief executive officer, said in an affidavit, "This presents a grave concern to TSC in that all incoming and outgoing communications with its clients are no longer secured, and TSC no longer has control over its Internet presence and communications."
Before his firing, Rawdin was one of two employees privy to the login and password, according to the lawsuit.

TSC said it was blocked when it tried to regain control of the website and email system. GoDaddy.com said the new password could not be reversed "because the changes were made by either an authorized user or person possessing the proper account login credentials," according to court papers.

TSC, a company with headquarters in Johnson City and an office in Buffalo, develops and builds projects such as cellular and microwave applications on towers for wireless data and communications providers.

Rawdin was an officer for TSC from June 2006 until Sept. 8, the lawsuit said. He served as a project manager, and his job duties included finding new customers.

The company said it informed Rawdin that it was immediately terminating his employment in a letter dated Sept. 8 and mailed to him Sept. 12. The company also sent him a copy of the termination letter via an email Sept. 13.

Samuel J. Savarino holds an ownership interest in TSC, and he acts as the managing member of the ownership group.

"The papers speak for themselves," Savarino said of the court filing. "It's a matter with a disgruntled former employee who forced us to take the action we took." He declined to comment further.
TSC contracted with GoDaddy.com in 2008 for both a Web domain and email account. Access was protected by a login and password. During Rawdin's employment, only he and Anna Monteiro, the company's comptroller, were privy to the login and password, the lawsuit said.

After receiving his termination letter, "Rawdin accessed TSC's email account and Web domain with GoDaddy and changed the password, thereby granting himself sole access and control," the lawsuit alleges.

Monteiro received an email from GoDaddy on Sept. 13 confirming the change.
"I immediately contacted GoDaddy to advise that the changes to the accounts were unauthorized and were made by a former employee," she said in an affidavit.

But GoDaddy refused to return control of the account to the company, she said.
Five days after his termination, Rawdin sent an email from his TSC account advising his contacts that his mobile phone was "down," and he provided a new phone number at which he could be reached, according to court papers.

TSC, in court papers, said Rawdin does not deny that he changed the password and now has control over the company's website and email account.
"Rawdin has failed and refused to relinquish control of TSC's email and Web domain with GoDaddy," the lawsuit alleged.

By retaining control, Rawdin has the ability to access, monitor and control all incoming and outgoing electronic communications with TSC, the lawsuit said. The lawsuit also accused him of sending emails to existing customers and business contacts of TSC "so as to improperly and falsely create the appearance that Rawdin remains an employee of TSC."

The lawsuit seeks compensatory damages of at least $500,000.

The company also wants the court to order Rawdin to stop using its website and email account, and to turn over the login and password information.

Symantec Survey Finds Emails Are No Longer the Most Commonly Specified Documents in eDiscovery Requests

MOUNTAIN VIEW, CA, Sep 19, 2011 (MARKETWIRE via COMTEX) -- Symantec Corp. /quotes/zigman/78627/quotes/nls/symcSYMC+1.49%today announced the findings of its 2011 Information Retention and eDiscovery Survey which examined how enterprises manage their ever-growing volumes of electronically stored information and prepare for the eventuality of an eDiscovery request. The survey of legal and IT personnel at 2,000 enterprises worldwide found email is not the primary source of records companies must produce, and more importantly, respondents who employ best practices for records and information management are significantly less at risk of court sanctions or fines.

"The fact that email is no longer the primary source of information for an eDiscovery request is a significant change from what has been the norm over the past several years," said Dean Gonsowski, eDiscovery Counsel at Symantec. "With the wide variety of sources in play, including loose documents, structured data, SharePoint content and even social media, it is not enough for legal and IT to simply focus upon email alone. It's critical for the two departments to work together to develop and implement an effective information retention policy."

Email Does Not Equal eDiscovery When asked what types of documents are most commonly part of an eDiscovery request, respondents selected files and documents (67 percent), and database or application data (61 percent) ahead of email (58 percent). As evidence of just how many sources companies must be prepared to produce information from, more than half indicated SharePoint files (51 percent), and nearly half cited instant messages and text messages (44 percent) and social media (41 percent).

Better Practices Drive Dramatically Better Outcomes The survey found wide variations in information retention practices among enterprises. Companies that employ best practices, such as automating the placement of legal holds and leveraging an archiving tool instead of relying on backups, fare dramatically better when it comes to responding to an eDiscovery request. These top- tier companies are 81 percent more likely to have a formal retention plan in place; 63 percent more likely to automate legal holds; and 50 percent more likely to use a formal archiving tool.
Implementing these best practices translates to a 64 percent faster response time with a 2.3 times higher success rate when responding to an eDiscovery request. Consequently, these top-tier companies are significantly less likely to suffer negative consequences than companies that do not have a formal information retention policy in place. Top-tier companies are:

-- 78 percent less likely to be sanctioned by the courts
-- 47 percent less likely to lead to compromised legal position
-- 20 percent less likely to have fines levied
-- 45 percent less likely to disclose too much information leading to
compromised litigation position

Despite Risks, Organizations Still Not Prepared Despite the risks, the survey found nearly half of respondents do not have an information retention plan in place. Thirty percent are only discussing how to do so, and 14 percent have no plan to do so. When asked why, respondents indicated lack of need (41 percent); too costly (38 percent); nobody has been chartered with that responsibility (27 percent); don't have time (26 percent); and lack of expertise (21 percent) are top reasons.
Recommendations

-- Create and implement a records and information management (RIM)
program. Get started with a formal plan as soon as possible, and then
refine it accordingly to address specific laws and regulations
governing the retention and availability of information. Without a
formal plan it is difficult to know when -- and what -- to delete,
which drives over-retention and creates additional risk.
-- Periodically delete electronically stored information (ESI) according
to your RIM program. Most organizations (79 percent) believe that a
proper information retention plan should allow them to delete
information. Yet, 20 percent of organizations still retain archived
data forever. This means that a large percentage of organizations are
not correctly deploying the archive to minimize data through expiry
and by implementing document retention policies. Delete according to
your information retention plan to reduce storage, litigation exposure
and eDiscovery costs.
-- Use backup for recovery, archiving for discovery. The survey found
approximately 40 percent of organizations keep data on their backup
tapes infinitely and use those backup tapes for their legal hold
process. This exposes them to the costly and dangerous proposition of
restoration in the event of litigation. Backup is intended for
recovery purposes, and 30-60 days is the longest data should be backed
up. Files should then be automatically archived or deleted. Using
backup only for disaster recovery enables an organization to delete
older backup sets within months instead of years.
-- Deploy advanced legal hold processes and solutions to minimize the
risk of non-compliance. The preservation step of the litigation
process is fraught with risks due to the potential of spoliation
sanctions, which are often levied after the loss or inadvertent
deletion of ESI. The safest strategy is to deploy next generation
legal hold applications to better communicate the importance of a
given legal hold notice, track acknowledgement and periodically issue
reminders to affected custodians. Leveraging software here is
particularly critical since legal holds can encompass thousands of
custodians and span many years, both of which stress manual solutions.
-- Conduct litigation readiness exercises to determine exposure areas and
formulate a prioritized remediation plan. It is critical for
organizations to assess their current state of preparedness to
determine how well they can safely and efficiently respond to an
eDiscovery request or governmental inquiry. By taking a long term
approach and leveraging industry best practices (along the EDRM
spectrum), companies are in a much better position to withstand
challenges to their internal processes and avoid negative
consequences. For example, top-tier companies in the survey were
78percent less likely to be sanctioned by the courts and 47percent
less likely to have their legal position unnecessarily compromised.
-- Prepare for eDiscovery and governmental inquires by casting a wider
ESI net, including social media, cloud data, instant messaging and
structured data systems. eDiscovery is no longer primarily limited to
email. Identify where all electronically stored information resides
company-wide so that these sources do not go unrecognized. Once these
sources of potentially responsive ESI are accounted for, the right
eDiscovery tools need to be deployed so that these disparate types of
ESI can be defensibly collected and processed for review in a singular
auditable environment.

Symantec's 2011 Information Retention and eDiscovery Survey Applied Research fielded this survey by telephone in June and July of 2011. We spoke to 2,000 Enterprises from 28 countries. The organizations, which included a large range of industries, were enterprises with 1,000 employees or more. Respondents consisted of both a representative from IT management and a representative from Legal. By including both we were able to get a holistic picture of information retention and eDiscovery issues in the organization. Globally, this survey has a reliability of 95 percent confidence with +/- 2.2 percent margin of error.

Monday, September 5, 2011

Personal spying is real threat to anyone with a computer. Recently, we've been handling more of these civil cases and finding similar evidence as described in the article. Mark McLaughlin - CFI

************************************************

Reprint from Digital Treands September 3, 2011 by Mike Flacy

Commonly called "sextortion" by Federal authorities, the practice of hacking into a victim's computer to locate compromising photographs and threatening the victim with Internet exposure to gain more photos, video or money is on the rise.

32-year-old Luis Mijangos was sentenced to six year in prison this week by a U.S. District Court judge in California after pleading guilty to one count of computer hacking and one count of wiretapping in March 2011. Mijangos, a resident of Santa Ana, California, worked as a freelance web designer and developer earning about $52,000 a year, but also spent his days using malware to gain access to people’s computers and extorting up to $3,000 a day from his victims. FBI experts in computer forensics estimated that Mijangos infected more than 100 computers used by over 230 people, 20 percent which were juveniles.

Mijangos worked with other criminals they he met over IRC to perfect malware that was undetectable by antivirus software. The malware was disguised as links to video or music to hide remote-access tools such as SpyNet and Poison Ivy. Through these programs, Mijangos was able to search computers for intimate or sexually-explicit photos of the women using the computers as well as watch the users of the computer through a webcam and listen through a built-in microphone.

Mijangos would then contact the victim to demand money or explicit videos from them and threaten to distribute the existing photos to family and friends if they contacted the police. Mijangos also hacked into the email account of the boyfriend of a juvenile in order to request sexually-explicit photos or video from the female juvenile and subsequently threaten to expose them for more explicit material.

Beyond the many attempts of sextortion, Mijangos also installed keyloggers on the victim’s accounts to steal credit card numbers to purchase various electronics and other items. Many of the victims involved in the case spoke out at the sentencing trial to stress the damage caused by the disturbing psychological games that Mijangos forced upon them. Before pleading guilty to the charges, Mijangos told police that he was hired by husbands or boyfriends of the victims that were suspicious of cheating.
# # #